Mysql Empty Password Scanner
If your MySQL server permits connection without a password, it is better to find this before people with malicious intentions.
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
5 second
Time Interval
5 day
Scan only one
Domain, Ipv4
Toolbox
-
What is Mysql ?
MySQL is an open-source, relational database management system.
You can connect with MySQL server with MySQL clients with graphical interface (ex. MySQL Workbench, Navicat, HeidiSQL, DBeaver, Adminer, Phpmyadmin etc.) or from the command line (ex. bash, iterm, powershell).
What is Mysql Empty Password Vulnerability ?
In some cases, root or anonymous user can be set without a password and MYSQL service might be opened to the internet. In this case, people with malicious intention might connect to the database to access various data.
How To Check Mysql Empty Password Vulnerability ?
You can easily do this with our free and online MySQL Empty Password Vulnerability scanner tool. To do this, you can start by typing your domain name in the form on top of the page and start scanning.
Or you can run nmap --script mysql-empty-password -p 3306 Target_Host command on nmap tool which can be installed to all operating systems.
Also, you can use mysql_login auxiliary module of “Metasploit Framework” to check the vulnerability.
Lastly, you can check manually. If your MySQL server is impacted from this vulnerability, you will have a result similar to the following:
mysql -h 172.19.0.100 -u root -p Enter password: // leave it blank Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 9 Server version: 5.7.29-0ubuntu0.18.04.1 (Ubuntu) Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>